Bug#400955: base64 problems authenticating using gssapi

Thu Nov 30 15:49:46 CET 2006

>>>>> "Fabian" == Fabian Fagerholm <fabbe at paniq.net> writes:

    Fabian> On Wed, 2006-11-29 at 15:08 -0500, Sam Hartman wrote:
    >> I get a base64 error authenticating to a system that works fine
    >> with a previous version of sasl.
    >> 
    >> To reproduce:
    Fabian> [...]
    >> You get a base64 decoding error.  With the old sasl you should
    >> get an authentication failure because testprinc is not allowed
    >> to read my mail.

    Fabian> Thanks for the report!

    Fabian> I don't have a Kerberos system to test against right
    Fabian> now. Could you try to pinpoint what's going on here? More
    Fabian> detailed error messages, straces, anything that might help
    Fabian> narrow down where the failure occurs.
I'll be happy to try and debug but my time is incredibly limited right now.

So, that's why I  I did give you a principal and password and sufficient
installation instructions to trivially set up a case to reproduce on
any Debian box on the open internet.

I don't mind if people trying to fix this bug attempt to use my
server.  I'll delete testprinc at SUCHDAMAGE.ORG after the bug is closed.

Since this is a base64 error, I suspect it's probably in the base sasl
library not in the gssapi module.  I really have only dug around in
the guts of Cyrus SASL's GSSAPI module, not the protocol handling etc.

That or memory corruption.

    Fabian> Also, what about the case when the authentication should
    Fabian> succeed? Does it succeed or do you get some similar,
    Fabian> unexpected error?

Sorry.  I really did file a crappy bug report.  You get the same
base64 error with the new sasl, but you get success authenticating
with the old SASL.

I believe that the old SASL is correct; using implementations like
pine, Apple's mail.app, which are not based on cyrus-sasl also work
against imap.suchdamage.org.